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WHAT IS CLAIMED IS: 

1 . A system comprising: 

operating system providing at least one routine capable of being invoked, and said 
operating system operable to collect audit data for invoked operating system routines; 
data storage having collected audit data stored thereto in a first format; and 
software code executable by at least one processor to receive said collected audit data 
and generate output comprising at least a portion of said collected audit data in a desired 
format defined by a template, wherein said desired format is different than said first format. 

2. The system of claim 1 wherein said template comprises at least one constant 
element. 

3 . The system of claim 2 wherein said at least one constant element is included 
verbatim in said output. 

4. The system of claim 1 wherein said template comprises at least one variable 
element. 

5. The system of claim 4 wherein said at least one variable element identifies a 
particular portion of the collected audit data to be included in said output. 

6. The system of claim 5 wherein said at least one variable element identifies a 
location within said output at which said particular portion of the collected audit data is to be 
arranged. 
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7. The system of claim 1 wherein said collected audit data comprises a record for 
each invocation of an operating system routine that is included within said collected audit 
data, and wherein each record includes at least one type of audit information relating to 
execution of an invoked operating system routine. 

8. The system of claim 7 wherein said at least one type of audit information 
includes at least one type selected from the group consisting of: 

user identification, group identification, supplementary group identification, process 
identification, event identification, event count, event type, date, time, thread identification, 
system call, capabilities used, object, and result. 

9. The system of claim 7 wherein said template comprises at least one variable 
element that each identifies a particular type of audit information to be included in said 
output. 

10. The system of claim 1 wherein said template comprises at least one 
conditional element. 

1 1 . The system of claim 10 wherein said at least one conditional element dictates 
that said output is to have a particular format if a condition is satisfied, otherwise said output 
is to have a different format. 

12. The system of claim 1 wherein said template defines a format selected from 
the group consisting of: 

plain text, markup language, and comma separated format. 

13. The system of claim 1 wherein said operating system comprises a kernel-level 
audit device driver for collecting said audit data. 
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14. A computer program product for generating audit data in a desired format, said 
audit data relating to execution of a routine, said computer program product comprising a 
computer-readable storage medium having computer-readable program code embodied in 
said medium, said computer readable program code comprising: 

code executable to access audit data stored in a data storage device, wherein said audit 
data comprises information relating to execution of at least one invoked routine; 
code executable to access an audit transformation template; and 

code executable to generate output comprising at least a portion of said collected audit 
data, said output having a format defined by said audit transformation template. 

15. The computer program product of claim 14 wherein said audit data is collected 
by an operating system. 

16. The computer program product of claim 14 wherein said at least one routine 
includes at least one invoked operating system routine. 

17. The computer program product of claim 1 6 wherein said at least one invoked 
operating system routine is invoked by an application via system call. 

18. The computer program product of claim 1 6 wherein said at least one invoked 
operating system routine is invoked via user command. 

19. The computer program product of claim 14 wherein said audit transformation 
template comprises at least one constant element that is included verbatim in said output. 

20. The computer program product of claim 14 wherein said template comprises at 
least one variable elements. 
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2 1 . The computer program product of claim 20 wherein said collected audit data 
comprises a record for each invocation of an operating system routine that is included within 
said collected audit data, and wherein each record includes at least one type of audit 
information relating to execution of an invoked operating system routine. 

22. The computer program product of claim 21 wherein said at least one type of 
audit information includes at least one type selected from the group consisting of: 

user identification, group identification, supplementary group identification, process 
identification, event identification, event count, event type, date, time, thread identification, 
system call, capabilities used, object, and result. 

23 . The computer program product of claim 22 wherein said audit data comprises 
multiple ones of said record, fiirther comprising: 

code executable to sort at least a portion of the multiple records based on at least one 
of said types of audit information. 

24. The computer program product of claim 2 1 wherein said at least one variable 
element each identify a particular type of audit information to be included in said output. 

25. The computer program product of claim 14 wherein said template comprises at 
least one conditional element, and wherein said conditional element dictates that said output 
is to have a first format if a condition is satisfied and have a different format if said condition 
is not satisfied. 
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26. A method of generating an output that includes collected audit data therein and 
has a desired format, said method comprising the steps of 

collecting audit data relating to the execution of one or more invoked routines; 
storing said collected audit data to a data storage device; 
accessing said collected audit data; 

accessing an audit transformation template that defines a desired format; and 
generating an output that includes at least a portion of said collected audit data, 

wherein said output comprises said desired format as defined by said audit transformation 

template. 

27. The method of claim 26 wherein said audit data comprises information about 
at least one invoked operating system routine. 

28. The method of claim 26 further comprising the step of 
creating, by a user, said audit transformation template. 

29. The method of claim 26 wherein said audit transformation template comprises 
at least one constant element that is included verbatim in said output. 

30. The method of claim 26 wherein said audit transformation template comprises 
at least one variable element. 

3 1 . The method of claim 30 wherein said at least one variable element identifies a 
particular type of audit information from said collected audit data to be included in said 
output. 
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32. The method of claim 3 1 wherein said particular type of audit information 
includes at least one type selected from the group consisting of: 

user identification, group identification, supplementary group identification, process 
identification, event identification, event count, event type, date, time, thread identification, 
system call, capabilities used, object, and result. 

33 . The method of claim 26 further comprising the step of 
presenting said output to a user. 

34. The method of claim 26 further comprising the step of: 
Storing said output to a file. 

35. The method of claim 26 further comprising the step of 
inputting said output to an application for processing by said application. 

36. The method of claun 26 further comprising the step of 

sorting said collected audit data based at least in part on at least one type of audit 
information included therein. 
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37. A library of software functions comprising: 

function executable to access collected audit data, wherein said audit data comprises 
information about at least one invoked routine of said operating system; 

function executable to access a template defining an output format; and 
function executable to generate output comprising at least a portion of said collected 
audit data, wherein said output has a format defined by said template. 

38. The library of claim 37 wherein said function executable to access collected 
audit data, said function executable to access a template, and said function executable to 
generate output are distinct functions. 

39. The library of claim 37 wherein said function executable to access collected 
audit data, said function executable to access a template, and said function executable to 
generate output are included within a common function. 
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